×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ClientLess VPN (Clientless (browser) SSL VPN access is not allowed.)

Unanswered Question
Oct 21st, 2010
User Badges:

Clientless SSL VPN errors. I have two groups that I get from the main login(AnyConnectVPN & ClientLessVPN). AnyConnect works fine and start the Anyconnect Client. But when I chose the ClientLessVPN group  and login to access the web, I get this error (Clientless (browser) SSL VPN access is not allowed.).What am I missing, here is the config.

webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
tunnel-group-list enable

group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy ClientLessVPNGroup internal
group-policy ClientLessVPNGroup attributes
vpn-tunnel-protocol webvpn
webvpn
  svc ask none default webvpn
group-policy AnnyConnectVPNGroup internal
group-policy AnnyConnectVPNGroup attributes
vpn-tunnel-protocol svc
webvpn
  svc keep-installer none
tunnel-group ClientLessVPN type remote-access
tunnel-group ClientLessVPN general-attributes
default-group-policy ClientLessVPNGroup
tunnel-group ClientLessVPN webvpn-attributes
group-alias ClientLessVPN enable
tunnel-group AnnyConnectVPN type remote-access
tunnel-group AnnyConnectVPN general-attributes
address-pool VPNPOOL
default-group-policy AnnyConnectVPNGroup
tunnel-group AnnyConnectVPN webvpn-attributes
group-alias AnnyConnectVPN enable
group-url https://xx.xx.xx.xx/AnnyConnectVPN enable
!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Jennifer Halim Thu, 10/21/2010 - 16:20
User Badges:
  • Cisco Employee,

You are running and having AnyConnect Essential license on your ASA which does not support Clientless SSL VPN.


There are 2 types of SSL VPN license:

1) AnyConnect Essential license - only supports AnyConnect client connections

2) AnyConnect Premium license (user base license) - supports all flavours of SSL VPN, including: clientless SSL VPN, AnyConnect client VPN, and all the advanced features of SSL VPN.


Hope that answers your question.

gjohnson1963 Fri, 10/22/2010 - 07:53
User Badges:

This is what is enabled,I have 10 SSL


Device License                        VPN Plus

AnyConnect Essentials            Enabled

SSL VPN Peers                      10

gjohnson1963 Fri, 10/22/2010 - 10:08
User Badges:

Double checked the LIC


Have 10 Premium User Lic

L-ASA-SSL-10= ASA 5500 SSL VPN 10 Premium User License

Jennifer Halim Fri, 10/22/2010 - 14:44
User Badges:
  • Cisco Employee,

You can't have both AnyConnect Essential license and AnyConnect Premium license enabled at the same ASA. It is one or the other.


Since you have both enabled at the moment, if you would like to use the Clientless SSL VPN, you can disable the AnyConnect Essestial license, and make use of the 10 AnyConnect Premium license. But please kindly be advised that you will only have maximum of 10 concurrent SSL VPN connections.


Here is the command to disable AnyConnect Essential:


webvpn

  no anyconnect-essentials


Here is the command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668278


Hope that answers your question.

hbruun Sun, 09/15/2013 - 03:40
User Badges:

Thanks, this solved my problem to  :-)

Actions

This Discussion

Related Content